SBS 2008 Update Rollup 3 (KB 969121) Installation Failure

SBS 2008 Update Rollup 3 (KB 969121) Installation Failure

  • Comments 3
  • Likes

[Today's post comes to us courtesy of Chris Puckett]

When you attempt to install SBS 2008 UR 3 (969121) it may fail with error code 6BA "Windows Update encountered an unknown error".

ur3-wu-err

The C:\Windows\WindowsUpdate.log file for this update reports error 0x80070643 / 0x000006BA.

 

Troubleshooting:

One of the actions SBS2008 Update Rollup 3 (UR3)  performs is to change the Integrated Windows authentication in the companyweb site from NTLM to Negotiate (Kerberos) while maintaining client integration to allow you to browse http://companyweb from the server after installing IE rollup 963027 or later, IE8 or Windows 2008 SP 2. 

Check the C:\Windows\temp\EnableKerberosLog_2009_<date_time>.log file for more clues.

1.    If you see text similar to the log below, it’s most likely that the zone has changed: 

2009/09/04 13:35:45| Reading registry keys to get URL for SBS SharePoint
2009/09/04 13:35:45| Url found:
https://remote.contoso.com:987
2009/09/04 13:35:45| Trying to enable Kerberos, as well as set other authentication configurations
2009/09/04 13:35:45| Backup original settings of site
https://remote.contoso.com:987
2009/09/04 13:35:46| Webapplication found
2009/09/04 13:35:46| Webapplication is running in app pool with identity NetworkService
2009/09/04 13:35:46| Checking authenticaiton mode for Default zone
2009/09/04 13:35:46| Authentication provider is Kerberos
2009/09/04 13:35:46| Originally not allow anonymous
2009/09/04 13:35:46| Originally client integration enabled
2009/09/04 13:35:46| Originally not use basic authentication
2009/09/04 13:35:46| Original settings backup-ed. The machine is ready for authentication settings configuration
2009/09/04 13:35:46| Calling stsadm.exe to enable Kerberos with parameter "-o authentication -url
https://remote.contoso.com:987 -type windows -enableclientintegration -usewindowsintegrated"
2009/09/04 13:35:47|  Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.InstallException: Fail to enable Kerberos with exit code -1   at Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.EnableKerberosHelper.TryEnableKerberos() at Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.Program.Main(String[] args)
 

Check the zones in SharePoint Central Administration.

        a. Open SharePoint 3.0 Central Administration, click the Operations tab, and then click  Alternate access mappings (under Global Configuration).

        b. If https://remote.contoso.com:987 and http://companyweb are not in the zones mentioned above, adjust them accordingly and try installing SBS 2008 Update Rollup 3 again.

Note: https://Remote.contoso.com:987 should be in the Default zone. If it is in the Internet zone, this can prevent SBS 2008 UR3 from changing the authentication mode on companyweb and resulting in the SBS 2008 UR3 installation failure.

 

2.    If you see text similar to the log below, you may need to specify a domain prefix like remote or www along with the external domain name in the IAMW. 

2009/09/03 15:55:34| Reading registry keys to get URL for SBS SharePoint
2009/09/03 15:55:34| Url found:
https://.contoso.com:987
2009/09/03 15:55:34| Trying to enable Kerberos, as well as set other authentication configurations
2009/09/03 15:55:34| Backup original settings of site
https://.contoso.com:987
2009/09/03 15:55:34|    Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.InstallException: https://.contoso.com:987 is not in correct URI format ---> Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.KerberosConfigurationException: https://.contoso.com:987 is not in correct URI format ---> System.UriFormatException: Invalid URI: The hostname could not be parsed.
   at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind) at Microsoft.WindowsServerSolutions.IWorker.EnableKerberos.EnableKerberosHelper.BackupOriginalSettings(String url)
   --- End of inner exception stack trace ---

You have two options here. 

Option 2 involves running the IAMW two times but may temporarily affect external Outlook and OWA clients from accessing email and RWW and SharePoint will temporarily not work with the contoso.com URL that users will be used to using because the certificate and URL will change from contoso.com to remote.contoso.com for example. Option 1 avoids this, but requires manual steps to perform. Choose one method.

Choose Option 1 or 2.  It is not necessary to do both.

Option 1: Manually edit the registry and SharePoint.

a. Open regedit and navigate to HKLM\Software\Microsoft\SmallBusinessServer\Networking.

b. Double-click PublicFQDNPrefix. Type remote and click OK.

c. Try installing SBS 2008 Update Rollup 3 again.

d. Open an elevated command prompt and change directories to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\Bin.

e. Run this command: stsadm.exe -o authentication -url https://contoso.com:987 -type windows –enableclientintegration -usewindowsintegrated

f. The URL will be the value of PublicFQDNProvider in the registry key mentioned in step a. You can also get this command and URL from the EnableKerberos log file mentioned above. It will return Operation completed successfully if it completes successfully. If it fails with a syntax error try retyping the dashes.  If it still fails with a syntax error try manually typing in the entire command.

g. Open regedit and navigate to HKLM\Software\Microsoft\SmallBusinessServer\Networking.

h. Double-click PublicFQDNPrefix. Delete the remote value and click OK.

 

Option 2: Re-run the IAMW to set the proper URL.

a. Open the Windows SBS Console. On the Home tab, click Set up your Internet address.

b. Specify your external domain name in the wizard like contoso.com (not contoso.local).

c. On that same page, click the Advanced settings link.

d. Uncheck the box ‘Do not use a domain prefix’. Set the domain prefix set to remote or whatever (this is temporary) and do not check the box ‘Do not use a domain prefix’.

e. Click OK and finish the wizard.

f. Try installing SBS 2008 Update Rollup 3 again.

g. Re-run IAMW. Click the Advanced settings link on the page where you type the domain name (contoso.com).

h. Check the box ‘Do not use a domain prefix’.

i. Click Yes, OK, Yes and finish the wizard.

 

3.    If the only text you see in the log is like the example below, your companyweb site may be inaccessible for some reason. 

2009/09/04 14:33:46| Reading registry keys to get URL for SBS SharePoint
2009/09/04 14:33:46| Url found:
https://remote.contoso.com:987
2009/09/04 14:33:46| Trying to enable Kerberos, as well as set other authentication configurations
2009/09/04 14:33:46| Backup original settings of site https://remote.contoso.com:987

OR

2009/09/04 14:34:42| Rolling back to NTLM
2009/09/04 14:34:42| The install was not started. Nothing to rollback

OR

   2009/09/04 14:34:42| Kerberos Enabling fix is not installed. Do nothing this time 

SharePoint is inaccessible.

See this post for the details: http://blogs.technet.com/sbs/archive/2009/05/06/companyweb-inaccessible-after-sharepoint-3-0-service-pack-2.aspx 

4.    If you’ve made it to this point and it’s still not fixed, consider engaging Microsoft Support for assistance.

 

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
Comments
  • My issue may have just coincided by coincidence to installing the update rollup 3 for SBS 2008, but I was unable to access the OWA website after the update installed.  Error messages from an external browser and the server follow below.

    To resolve, I attempted to reinstall the Client Access Role which required reconfiguring the internet address and third party certificate.  I also tried to fix by running the "fix my network wizard" and the "SBS 2008 BPA".  I also enabled ASP.NET v1.1.4322 in the ISAPI and CGI Restrictions in IIS7.

    This issue was resolved by emptying the contents of the following folder: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\owa

    Error Messages

    Server Error in '/owa' Application.

    Runtime Error

    Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed.

    Details: To enable the details of this specific error message to be viewable on the local server machine, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "RemoteOnly". To enable the details to be viewable on remote machines, please set "mode" to "Off".

    <!-- Web.Config Configuration File -->

    <configuration>

       <system.web>

           <customErrors mode="

    Only"/>

       </system.web>

    </configuration>

    Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.

    <!-- Web.Config Configuration File -->

    <configuration>

       <system.web>

           <customErrors mode="On" defaultRedirect="mycustompage.htm"/>

       </system.web>

    </configuration>

    and this message was in the event log:

    Event code: 3008

    Event message: A configuration error has occurred.

    Event time: 9/10/2009 9:32:59 AM

    Event time (UTC): 9/10/2009 2:32:59 PM

    Event ID: b8482dca33d84ef6baab3ea89d8318c8

    Event sequence: 1

    Event occurrence: 1

    Event detail code: 0

    Application information:

       Application domain: /LM/W3SVC/3/ROOT/owa-4-128970667790767635

       Trust level: Full

       Application Virtual Path: /owa

       Application Path: C:\Program Files\Microsoft\Exchange Server\ClientAccess\owa\

       Machine name: YOURSERVER

    Process information:

       Process ID: 5204

       Process name: w3wp.exe

       Account name: NT AUTHORITY\SYSTEM

    Exception information:

       Exception type: HttpException

       Exception message: Could not load file or assembly 'Microsoft.Exchange.Clients.Owa, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The parameter is incorrect. (Exception from HRESULT: 0x80070057 (E_INVALIDARG))

    Request information:

       Request URL: http://remote.yoursite.com/owa/auth/logon.aspx?url=http://remote.yoursite.com/owa/&reason=0

       Request path: /owa/auth/logon.aspx

       User host address: x.x.x.x

       User:  

       Is authenticated: False

       Authentication Type:  

       Thread account name: NT AUTHORITY\SYSTEM

    Thread information:

       Thread ID: 8

       Thread account name: NT AUTHORITY\SYSTEM

       Is impersonating: False

       Stack trace:    at System.Web.Compilation.BuildManager.ReportTopLevelCompilationException()

      at System.Web.Compilation.BuildManager.EnsureTopLevelFilesCompiled()

      at System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters)

    Custom event details:

    - System

     - Provider

      [ Name]  ASP.NET 2.0.50727.0

     - EventID 1310

      [ Qualifiers]  32768

      Level 3

      Task 3

      Keywords 0x80000000000000

     - TimeCreated

      [ SystemTime]  2009-09-10T14:32:59.000Z

      EventRecordID 1627641

      Channel Application

      Computer YOURFQDN

      Security

    - EventData

      3008

      A configuration error has occurred.

      9/10/2009 9:32:59 AM

      9/10/2009 2:32:59 PM

      b8482dca33d84ef6baab3ea89d8318c8

      1

      1

      0

      /LM/W3SVC/3/ROOT/owa-4-128970667790767635

      Full

      /owa

      C:\Program Files\Microsoft\Exchange Server\ClientAccess\owa\

      YOURSERVER

      5204

      w3wp.exe

      NT AUTHORITY\SYSTEM

      HttpException

      Could not load file or assembly 'Microsoft.Exchange.Clients.Owa, Version=8.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The parameter is incorrect. (Exception from HRESULT: 0x80070057 (E_INVALIDARG))

      http://remote.yoursite.com/owa/auth/logon.aspx?url=http://remote.yoursite.com/owa/&reason=0

      /owa/auth/logon.aspx

      192.168.168.1

      False

      NT AUTHORITY\SYSTEM

      8

      NT AUTHORITY\SYSTEM

      False

      at System.Web.Compilation.BuildManager.ReportTopLevelCompilationException() at System.Web.Compilation.BuildManager.EnsureTopLevelFilesCompiled() at System.Web.Hosting.HostingEnvironment.Initialize(ApplicationManager appManager, IApplicationHost appHost, IConfigMapPathFactory configMapPathFactory, HostingEnvironmentParameters hostingParameters)  

  • Do you plan to fix (for me, it will be a fix) the way the wizard for domain behave? I mean to have the possibility to choose 2 domains : the default exchange and the one for access from wan.

  • Option one worked a treat for me so many thanks and keep the good work